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DETAILED ACTION 

1 . Currently pending claims are 1 - 20 and 30 - 40. 

Response to Arguments 

2. Applicant's arguments with respect to instant claims have been fully considered but are 
moot in view of the new ground(s) of rejection necessitated by Applicant's amendment. 

3. As per claim 1, Applicant asserts " Paolucci neither discloses nor suggest that the CD of 
Paolucci itself is copy protected. That is, if a third party obtained or reproduced the confidential 
character code, Paolucci neither discloses nor suggests that third party couldn't copy the 
programs from the CD of Paolucci onto another program (Remarks: Page 14)". Examiner 
respectfully disagrees. Examiner notes the claim is given its broadest interpretation based upon 
MPEP §2111, and a CD that stores user information (e.g., 5-character confidential code and 
etc.) in a secure manner by making it impossible to be reproduced without authentication is 
considered as one type of copy protected record carriers . Therefore, Applicant's argument has 
no merit since the alleged limitation (e.g., if a third party obtained or reproduced the confidential 
character code, the third party couldn't copy the programs from the CD) has not been recited 
into the claim. Although the claims are interpreted in light of the specification, limitations from 
the specification are not read into the claims. See In re Van Geuns, 988 F.2d 1181, 26 
USPQ2d 1057 (Fed. Cir. 1993). 

4. As per claim 1 , Applicant asserts Raja fails to disclose or suggest "automatically initiating 
and confirming, by the authentication server, using information contained in the record carrier, a 
connection between a computer and the predetermined area of the target server". Examiner 
respectfully disagrees because (a) Raja reference is relied upon to provide automatically 
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initiating and confirming, by the authentication server, using information received by the 
authentication server (Raja: Column 12 Line Line 12 - 17 / Line 1 - 2 & Figure 3 / Element 330 
& 157) and each user identifier being related to a different desired target location (Raja: Column 
6 Line 40 - 42 / Line 63 - 65: Examiner notes this user identifier is thus also qualified as a 
project ID ) and (b) Paolucci reference is relied upon providing the required information (such as 
user identifier) that can be stored / burned into the CD (Paolucci: Page 5 Line 1 - 5, Page 6 Line 
1 - 2 / Line 12-13 and Page 7 Line 1). Therefore, Raja in view of Paolucci does teach 
"automatically initiating and confirming, by the authentication server, using information 
contained in the record carrier, a connection between a computer and the predetermined area 
of the target server that is identified by the project ID " and as such Applicant's arguments are 
respectfully traversed. 

5. As per claim 1, Applicant asserts Paolucci and Raja fail to disclose or suggest features 
of "verifying, by said authentication server, whether a changing parameter of the computer, 
which is a randomly generated number or a computer system time transmitted from said 
computer, was previously used (Remarks: Page 16)". Examiner respectfully disagrees because 
the one-time password , as taught by Robinson (or Greene), is indeed a changing authentication 
parameter of the computers used between the transaction parties, which is also a randomly 
generated number and was not previously used for authentication to meet the claim language, 
as recited in claim 1 . 

6. As per claim 16, Applicant asserts Paolucci fails to disclose "the predetermined email 
URL address website is on the CD (Remarks: Page 17 / 4th Para / Line 3 - 4)". Examiner notes 
the claim limitation does not recite at all regarding "the predetermined email URL address 
website is on the CD" - according to base claim 5, it is only recited as "using information 
contained in the record carrier"; however, it does not recites exactly what kind of information 
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contained in the record carrier is used. Therefore, Applicant's argument has no merit since the 
alleged argument (e.g., he predetermined email URL address website is on the CD) has neither 
been recited into the claim nor is supported by the disclosure of the instant specification at all - 
please note a predetermined area does not mean a particular area inside the CD. according to 
the specification . 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

7: Claims 16 and 28 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Regarding claims 16 and 28, the use of the claim language " bonus material related to 
the content " renders these claims indefinite, since there is no idea at all about what exactly the 
content that Applicant is intended to refer to. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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8. Claims 1 - 10, 12, 13, 15 - 18, 20, 21, 23 - 25 and 27 - 36 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Paolucci et al. (Frence Patent FR-A-2822255), in view of 
Rajakarunanayake (U.S. Patent 6,587,883, and in view of Robinson et al. (U.S. Patent 
2004/0034767). 

As per claim 1, 5, 18 and 20, Paolucci teaches a method for securing an access to a 
predetermined area of a target server (Paolucci: Page 5 Line 1 - 3, Page 10, 2 nd Para and 
Page 17, 3 rd Bullet: enabling a secure access to a specific internet website (i.e. a predetermined 
area of a target server) from a CD), the method comprising: 

providing an information file on a copy protected record carrier (Paolucci: Page 6, 
2 nd Para, 1 - 4 Bullets, Page 10 Line 1 - 2, Page 16, 2 nd - 5 th Para, Page 17, 3 rd Bullet, Page 7 
Line 1 and Page 9, 1 st Para / 3 rd Para: a CD that stores user information (e.g., 5 -character 
confidential code and etc.) in a secure manner by making it impossible to be reproduced is 
considered as one type of copy protected record carriers and the stored user information 
allowing a user to automatically access and launch an internet connection request is considered 
as an information file), information file comprising a project identifier or an address of an 
authentication server with which an application using said information file can 
communicate (Paolucci: Page 7 Line 1, Page 15 Line 6-8, Page 17, 3 rd Bullet, Page 10, 2 nd 
Para, Page 9, 1 st Para / 3 rd Para, Page 14 Line 5 - 7 and Page 6, Last 2 nd Bullets: (a) the 
information regarding the application enabling a secure access to a specific internet website is 
stored on the CD (b) the user's confidential access code to access a specific internet website is 
considered as part of a project identifier and (c) the stored information to automatically launch 
the internet connection request to access specific internet website and to validate the authorized 



Application/Control Number: 10/542,500 Page 6 

Art Unit: 2131 

opening session with 5 characters confidential code is considered as part of information to 
communicate with an authentication server). 

However , Paolucci does not disclose expressly automatically initiating and confirming, 
by the authentication server using information contained in the record carrier, a connection 
between a computer on which said application is started and said predetermined area of said 
target server that is identified by the address of the authentication server or the project identifier. 

Rajakarunanayake in view of Paolucci teaches automatically initiating and 
confirming, by the authentication server using information contained in the record 
carrier, a connection between a computer on which said application is started and said 
predetermined area of said target server that is identified by the address of the 
authentication server or the project identifier (Rajakarunanayake: Column 12 Line Line 12 - 
17 / Line 1 - 2 & Figure 3 / Element 330 & 157 and Column 6 Line 40 - 42 / Line 63 - 65: (a) 
Raja reference is relied upon to provide automatically initiating and confirming, by the 
authentication server, using information received by the authentication server (Raja: Column 12 
Line Line 12 - 17 / Line 1 - 2 & Figure 3 / Element 330 & 157) and each user identifier being 
related to a different desired target location (Raja: Column 6 Line 40 - 42 / Line 63 - 65: 
Examiner notes this user identifier is thus also qualified as a project ID) and (b) Paolucci 
reference is relied upon providing the required information (such as user identifier) that can be 
stored / burned into the CD (Paolucci: Page 5 Line 1 - 5, Page 6 Line 1 - 2 / Line 12 - 13 and 
Page 7 Line 1). In summary, an Authentication server is used to provide a secure connection to 
a secure target location and the user identifier (i.e. authentication information) is used by the 
Authentication server to uniquely identify the desired target location and once the desired target 
location is determined (i.e. after the positive verification of the user identifier and authentication 
information by the authentication server), a new session is established between the user and 
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the determined target location by the authentication server - i.e., there are two sections: one 
session between the clients and the authentication server and subsequently a new session is 
started between the clients and the target system (ISP)). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Rajakarunanayake within the system of 
Paolucci because (a) Paolucci teaches providing an automated secured access to a target 
location (i.e. internet website) by launching of the process from a user's CD at the client site and 
authenticating with the target system for the open session connection (Paolucci : Page 2 Line 1 
- 2 and Page 6, 5 th Bullet), and (b) Rajakarunanayake teaches using an authentication server to 
establish a new secured session between the user and the determined target location while the 
connectivity is disabled to other target locations so that the desired target system at the secure 
location may not be exposed to the risk of unauthorized access (Rajakarunanayake: Column 12 
Line 1 - 2 / Line 12 - 17 & Figure 3 / Element 330 & 157 and Column 2 Line 7-10). 

Paolucci as modified does not disclose expressly said authentication server 
verifies whether or not a changing parameter of the computer, which is a randomly 
generated number or a computer system time transmitted from said computer, was 
previously used and initiates a connection of said computer with said predetermined 
area of said target in case of a positive verification. 

Robinson teaches verifying, by said authentication server, whether or not a 
changing parameter of the computer, which is a randomly generated number or a 
computer system time transmitted from said computer, was previously used and initiates 
a connection of said computer with said predetermined area of said target in case of a 
positive verification (Robinson: Para [0075] and Para [0044]: the on-time password , as taught 
by Robinson, is indeed a time-based token authentication with dynamically changing 
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authentication parameter of the computers used between the transaction parties, which is also a 
randomly generated number and was not previously used for authentication). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Robinson within the system of Paolucci as 
modified because (a) Paolucci teaches providing an automated secured access to a target 
location (i.e. internet website) by launching of the process from a user's CD at the client site and 
authenticating with the target system for the open session connection (Paolucci : Page 2 Line 1 
- 2 and Page 6, 5 th Bullet), and (b) Robinson teaches providing an one-time password to 
enhance the authentication technique since a previously valid password does not provide any 
information about the validity of subsequent passwords (Robinson: Para [0075] and Para 
[0044]). 

As per claim 2, Paolucci as modified teaches automatically executing, after the record 
carrier is loaded in a reading device, a predetermined executable file provided in an autorun- 
information file on said record carrier (Paolucci: Page 7, Section of Auto-run mode, 1 st Para and 
Page 7 Line 1 : automatic launching of connection request upon the insertion of the CD). 

As per claim 3 and 25, Paolucci as modified teaches automatically executing an 
autostart file provided on said record carrier, after the record carrier is placed and loaded in a 
reading device and which autostart file including (i) a link to start said application, (ii) an 
indication that autostart file is part of said application, or which autostart file is said information 
file (Paolucci: Page 7, Section of Auto-run mode, 1 st Para, Page 17, 3 rd Bullet and Page 7 Line 1 
and Page 15 Line 6-8: automatic launching of connection request upon the insertion of the 
CD). 
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As per claim 4, Paolucci as modified teaches providing the application on said record 
carrier, or on a server, as a download, or on an access-software record carrier (Paolucci: Page 
6, 2 nd Para, 1 st Bullet and Page 15 Line 6-8: Launching of the process in Auto-run mode from 
the CD). 

< 

As per claim 6, Paolucci as modified teaches starting the application from said record 
carrier , or from a server preferably as a download , or via an access-software record carrier, 
preferably after an installation of the application on a hard disc of the computer (Paolucci: Page 
6, 2 nd Para, 1 st Bullet and Page 17, 3 rd Bullet: Launching of the process in Auto-run mode from 
the CD). 

As per claim 7, 21 and 23, Paolucci as modified teaches said application verifies 
whether or not the record carrier is an original and performs said communication with said 
authentication server in case of a positive verification (Paolucci: Page 10 Line 1 - 2 & 2 nd Para, 
Page 6, Last 2 nd Para, Page 9, 1 st Para and Page 17, 3 rd Bullet: an access to a certain website 
is only possible by using the original CD because the information file (e.g., key / confidential 
access code, URL and password) integrated into a specific file enabling a secure access to the 
website is copy-protected (i.e. is impossible to be reproduced) ) and as such, the communication 
with the authentication server cannot be started without the information file due to being copy- 
protected). 

As per claim 8, Paolucci as modified teaches transmitting, by said application transmits a 
changing parameter of the computer, to said authentication server (Robinson: Column 1 Line 50 
- 52 / Line 55 - 60: a one-time pad of passwords is synchronously changed and used between 
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the end-to-end parties and a previously valid password does not provide any information about 
the validity of subsequent passwords). 

As per claim 9, Paolucci as modified teaches verifying, by said authentication server 
whether the communication with said application and/or a transmission of said project identifier 
as a request for a connection between said computer and said predetermined area of said 
target server is posted from said application, wherein said connection is initiated upon indication 
from said verifying step that the communication or the transmission of said project identifier is 
posted (Paolucci: Page 7 Line 1, Page 8, 2 nd Para / Line 5-7 Page 9, 1 st Para and Page 17, 3 rd 
Bullet: between the access device and the authentication server) & (Rajakarunanayake: Column 
1 2 Line 1 - 2 1 Line 1 2 - 1 7 & Figure 3 / Element 330 & 1 57 and Column 2 Line 7-10: after the 
positive verification of the user identifier and authentication information by the authentication 
server, a new session is established between the user and the determined target location by the 
authentication server). 

As per claim 10, Paolucci as modified teaches establishing a connection, upon indication 
from said verifying step that the changing parameter was not previously used, between said 
authentication server and said target server to connect that the computer to said predetermined 
area of said target server via said authentication server (Rajakarunanayake: Column 12 Line 1 - 
2 / Line 12 - 17 & Figure 3 / Element 330 & 157 and Column 2 Line 7-10: after the positive 
verification of the user identifier and authentication information by the authentication server, a 
new session is established between the user and the determined target location by the 
authentication server). 
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As per claim 12, Paolucci as modified teaches: 

the authentication server generates a session identifier based on the positive verified 
values and transmits said session identifier to said target server via said connection between 
said authentication server and said target server (Rajakarunanayake: Column 12 Line 1 - 2 / - 
Line 12 - 17 & Figure 3 / Element 330 & 157 and Column 2 Line 7-10: after the positive 
verification of the user identifier and authentication information by the authentication server, a 
new session is established between the user and the determined target location by the 
authentication server), 

said connection between said computer on which said application is started and said 
predetermined area of said target server is set up by redirecting the connection between the 
computer and the authentication server to the target server or by forwarding data of the 
protected area to the computer (Rajakarunanayake: Column 12 Line 1 - 2 / Line 12 - 17 & 
Figure 3 / Element 330 & 157 and Column 2 Line 7-10), and 

said connection between said computer on which said application is started and said 
predetermined area of said target server is executed after the target server received a 
confirmation of a validity of the session identifier from the authentication server 
(Rajakarunanayake: Column 6 Line 63 - Column 7 Line 1 and Column 12 Line 1 - 2 / Line 12 - 
17: when the user ends the session to the target location, the user need to be authenticated by 
the authentication server again - and therefore, Examiner notes the target server received a 
confirmation of a validity of the session identifier from the authentication server). 

As per claim 13, Paolucci as modified teaches the authentication server confirms the 
validity of the session identifier by positively determining whether or not the session identifier 
exists and/or whether or not the session identifier was already requested to be valid (Robinson: 
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Para [0075] and Para [0044]: the on-time password , as taught by Robinson, is indeed a time- 
based token authentication with dynamically changing authentication parameter of the 
computers used between the transaction parties, which is also a randomly generated number 
and was not previously used for authentication). 

As per claim 15, Paolucci as modified teaches copy protecting the information file to 
copy protect said record carrier (Paolucci: Page 10 Line 1 - 2 & 2 nd Para, Page 6, Last 2 nd Para, 
Page 9, 1 st Para and Page 17, 3 rd Bullet: key / confidential access code, URL and password 
integrated into a specific file, as part of the information file, enabling a secure access to an 
internet website is copy-protected (i.e. is impossible to be reproduced) , as taught by Paolucci). 

As per claim 16 and 28, Paolucci as modified teaches said predetermined area on said 
target server comprises bonus material related to the content (Paolucci: Page 19 / 2 nd bullet - 
last line, Page 19 Last Para, Page 18 Last 2 nd Para). 

As per claim 17 and 27, Paolucci as modified teaches said information file is a part of 
said application or is an executable file of said application (Paolucci: Page 10 Line 4 - 6 / Line 
10-11, Page 17, 3 rd Bullet and Page 14 Line 6-7). 

As per claim 24, Paolucci as modified teaches an autorun-information file, which 
provides an automatic execution of a predetermined executable file after the record carrier is 
loaded in a reading device (Paolucci: Page 7, Section of Auto-run Mode, Line 1 -4: loaded from 
a CD reader as a reading device). 
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As per claim 29, 31, 33 and 35, Paolucci as modified teaches the information file 
comprises the project ID and the address of the authentication server (Paolucci: Page 6 Line 12 
- 15 and Page 7 Line 1: the autorun mode automatically launching of the "connection request" 
based on the confidential code and a core software program burned on a CD - Examiner notes 
(a) " connection request " inherently involves authentication request for connection between the 
authentication server and the client and (b) the confidential code and a core software program 
burned on a CD must inherently be related to the address of the authentication server in order 
to automatically launching of the "connection request") 

As per claim 30, 32, 34 and 36, Paolucci as modified teaches the changing parameter is 
randomly generated number and a computer system time (Robinson: Para [0075] and Para 
[0044]: the on-time password , as taught by Robinson, is indeed a time-based token 
authentication with dynamically changing authentication parameter of the computers used 
between the transaction parties, which is also a randomly generated number and was not 
previously used for authentication). 

9. Claim 14 is rejected under 35 U.S.C. 103(a) as being unpatentable over Paolucci et al. 
(Frence Patent FR-A-2822255), in view of Rajakarunanayake (U.S. Patent 6,587,883, and in 
view of Robinson et al. (U.S. Patent 2004/0034767), and in view of Mitchell et al. (U.S. Patent 
6,959,420). 

As per claim 14, Paolucci as modified does not disclose expressly the target server 
assigns a temporary session cookie to the computer so that the whole predetermined area of 
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the target server can be accessed via said connection between said computer on which said 
application is started and said target server. 

Mitchell teaches the target server assigns a temporary session cookie to the computer 
so that the whole predetermined area of the target server can be accessed via said connection 
between said computer on which said application is started and said target server (Mitchell: 
Column 1 Line 28 - 35 / Line 43 - 45 / Line 56 - 60: a temporary or session cookie is stored on 
a user's computer only for the current browsing session and the cookie is deleted from the 
computer when the browsing software is closed). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Mitchell within the system of Paolucci as 
modified because (a) Paolucci teaches providing an automated secured access to a target 
location (i.e. internet website) by launching of the process from a user's CD at the client site and 
authenticating with the target system for the open session connection (Paolucci : Page 2 Line 1 
- 2 and Page 6, 5 th Bullet), and (b) Mitchell teaches using a temporary session cookie to be 
stored on a user's computer so that the user does not have to repeatedly resubmit information 
to the website and the cookie is valid only for the current browsing session and is deleted when 
the browsing session is closed to avoid the abuse of the user's privacy by the untrustworthy 
website (Mitchell: Column 1 Line 28 - 35 / Line 43 - 45 / Line 56 - 60 / Line 61 - 67). 
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Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant 
is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Longbit Chai whose telephone number is 571-272-3788. The examiner 
can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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